Image processing apparatus with malicious code detection processing and control program

ABSTRACT

An image processing apparatus includes: an image processing part; a storage part including a nonvolatile region that stores data in a nonvolatile manner; and a hardware processor that controls the image processing part, wherein the nonvolatile region includes a plurality of storage regions, the storage part stores setting information indicating whether each of the plurality of storage regions is a target of malicious code detection processing, and the hardware processor performs the malicious code detection processing only on a storage region that is the target of the malicious code detection processing based on the setting information among the plurality of storage regions.

The entire disclosure of Japanese patent Application No. 2018-088269,filed on May 1, 2018, is incorporated herein by reference in itsentirety.

BACKGROUND Technological Field

The present disclosure relates to malicious code detection processingsuch as a virus scan in an image processing apparatus.

Description of the Related Art

Conventionally, in an image processing apparatus such as amulti-functional peripheral (MFP), malicious code detection processingsuch as a virus scan is performed in order to secure operation safety.Regarding malicious code detection processing in an image processingapparatus, various technologies are proposed in JP 2005-229611 A, JP2006-256104 A, JP 2006-277004 A, JP 2008-046826 A, JP 2011-039599 A, andthe like.

However, since resources for performing control processing in an imageprocessing apparatus is finite, performance of an image processingapparatus may be degraded due to execution of malicious code detectionprocessing.

SUMMARY

The present disclosure has been devised in view of the abovecircumstances, and an object thereof is to avoid degradation inperformance in an image processing apparatus as much as possible whilesecuring the operation safety.

To achieve the abovementioned object, according to an aspect of thepresent invention, an image processing apparatus reflecting one aspectof the present invention comprises: an image processing part; a storagepart including a nonvolatile region that stores data in a nonvolatilemanner; and a hardware processor that controls the image processingpart, wherein the nonvolatile region includes a plurality of storageregions, the storage part stores setting information indicating whethereach of the plurality of storage regions is a target of malicious codedetection processing, and the hardware processor performs the maliciouscode detection processing only on a storage region that is the target ofthe malicious code detection processing based on the setting informationamong the plurality of storage regions.

BRIEF DESCRIPTION OF THE DRAWINGS

The advantages and features provided by one or more embodiments of theinvention will become more fully understood from the detaileddescription given hereinbelow and the appended drawings which are givenby way of illustration only, and thus are not intended as a definitionof the limits of the present invention:

FIG. 1 is a diagram showing an example of a configuration of a networksystem including an information processing device which is an example ofan image processing apparatus;

FIG. 2 is a diagram showing an example of a hardware configuration of aninformation processing device;

FIG. 3 is a diagram showing an example of a file storage mode in a filestorage region;

FIG. 4 is a diagram showing an example of information stored in asetting region;

FIG. 5 is a diagram showing an example of processing for the informationprocessing device to perform a print instruction from a control device;

FIG. 6 is a diagram showing another example of processing for theinformation processing device to perform a print instruction from thecontrol device;

FIG. 7 is a diagram for explaining another example of classification ofa region in the file storage region;

FIG. 8 is a diagram showing an example of information stored in thesetting region corresponding to the example of FIG. 7;

FIG. 9 is a diagram showing a sequence of processing related to a regionto which access from an external device is allowed;

FIG. 10 is a diagram showing a sequence of processing related to aregion to which access from an external device is not allowed;

FIG. 11 is a diagram for explaining still another example of storagecontents of the setting region;

FIG. 12 is a diagram for explaining still another example of storagecontents of the setting region; and

FIG. 13 is a diagram showing a sequence of processing corresponding toaccess from an external device.

DETAILED DESCRIPTION OF EMBODIMENTS

Hereinafter, one or more embodiments of the present invention will bedescribed with reference to the drawings. However, the scope of theinvention is not limited to the disclosed embodiments. In the followingdescription, the same parts and constituent elements are denoted by thesame reference numerals. Names and functions thereof are also the same.Therefore, description of these will not be repeated.

1. Configuration of Network System

FIG. 1 is a diagram showing an example of a configuration of a networksystem including an information processing device which is an example ofan image processing apparatus. With reference to FIG. 1, an example of amethod of using the information processing device in the network systemwill be described.

The network system of FIG. 1 includes an information processing device100, a control device 500 used by a user, and an access point 600. Theinformation processing device 100 is a device having an image processingfunction, such as an MFP.

The control device 500 accesses the information processing device 100through the access point 600. The user instructs the informationprocessing device 100 to perform printing operation via the controldevice 500 and also stores a file in the information processing device100. As will be described later, the information processing device 100is characterized by a mode of virus scan (malicious code detectionprocessing) of a file stored in the information processing device 100.

2. Configuration of Information Processing Device

FIG. 2 is a diagram showing an example of a hardware configuration ofthe information processing device 100. With reference to FIG. 2, theconfiguration of the information processing device 100 will bedescribed.

In the present disclosure, the information processing device 100 isrealized as a device in which a server and an MFP are integrallyconfigured. The information processing device 100 includes an MFP part10, a server part 20, and an operation panel 30. The operation panel 30is used as a user interface of the MFP part 10 and the server part 20.The configuration of each of the MFP part 10 and the server part 20 willbe described below.

(MFP Part 10)

The MFP part 10 includes a central processing unit (CPU) 190 forcontrolling the entire MFP part 10, and a storage part 191. The storagepart 191 is realized by, for example, a nonvolatile memory. A filestorage region 1910 for storing files and a setting region 1920 forstoring various settings may be set in the storage part 191. Theinformation stored in the storage part 191 may include a programexecuted by the CPU 190 and data used for executing the program.

The MFP part 10 further includes an image processing part 151, an imageformation part 152, an image reading part 153, and an internal interface180. The image processing part 151 performs processing such asenlargement/reduction of an output image, for example, by processing theinput image data. The image processing part 151 is realized by, forexample, a processor and a memory for image processing. The imageformation part 152 is realized by a toner cartridge, a sheet tray foraccommodating a recording sheet, a hardware resource for forming animage on the recording sheet, such as a photosensitive body, and ahardware resource for conveying the recording sheet. The image readingpart 153 is realized by a hardware resource configured to create imagedata of a document such as a scanner. Since each function of the imageprocessing part 151, the image formation part 152, and the image readingpart 153 can be those well known in image forming apparatuses, thedetailed description thereof will not be repeated here.

The internal interface 180 functions as an interface for communicationwith the server part 20, and is realized by, for example, a local areanetwork (LAN) card.

(Server Part 20)

The server part 20 includes a CPU 250 for controlling the entire serverpart 20, a network communication part 260, a storage part 270, and aninternal interface 280.

The network communication part 260 is realized by a hardware resourceconfigured to perform transmission and reception of data with anexternal device such as a terminal 500 via a global network. An exampleof the hardware resource is a network card. The CPU 250 communicateswith an external device via the network communication part 260.

The storage part 270 is realized by, for example, a nonvolatile memory.The information stored in the storage part 270 may include a programexecuted by the CPU 250 and data used for executing the program.

The CPU 250 is further configured to control the operation panel 30. Theoperation panel 30 includes a control circuit 350, a display part 360realized by an organic electro luminescence (EL) display or the like, anoperation part 370 realized by a touch sensor or the like, and a cardreader 380 realized by a contactless card reader or the like.

The control circuit 350 controls display operation of the display part360 according to a control signal from the CPU 250. The operation part370 outputs input information to the control circuit 350. The controlcircuit 350 outputs a signal corresponding to the information input fromthe operation part 370 to the CPU 250. The control circuit 350 transfersthe data read by the card reader 380 to the server part 20 in accordancewith the control signal from the CPU 250.

3. Storage Mode in File Storage Region

FIG. 3 is a diagram showing an example of a file storage mode in thefile storage region 1910. With reference to FIG. 3, a file storage modein the file storage region 1910 will be described.

The file storage region 1910 includes three regions 1911, 1912, 1913 forstoring a file (document) to be printed by the image formation part 152.Each of the regions 1911, 1912, 1913 is associated with a print setting.The region 1911 is a region for storing a file to be printed using apage aggregation function “2 in 1”. The region 1912 is a region forstoring a file on which images are printed on both surfaces of a sheet.The region 1913 is a region for storing a file to be printed inmonochrome. In one example, the CPU 190 stores each of a file receivedfrom an external device such as the control device 500, a file receivedfrom the server part 20, and a file generated by the image reading part153, in a region corresponding to the print setting associated with eachfile among the file storage region 1910.

4. Information Stored in Setting Region

FIG. 4 is a diagram showing an example of information stored in thesetting region 1920. With reference to FIG. 4, the contents of theinformation will be described.

The setting region 1920 includes a file attribute 1921 and a virus scansetting 1922.

The file attribute 1921 specifies the handling after printing of a filestored in each region in the file storage region 1910. In FIG. 4,“delete” means deleting a file after printing, and “store” means storinga file until deleting operation after printing.

That is, in the example of FIG. 4, the file stored in the region 1911(the region of the file for 2 in 1) and the file stored in the region1912 (the region of the file for duplex printing) are deleted afterprinting (without requiring operation for deletion). The file stored inthe region 1913 (the region of the file for monochrome printing) isstored even after printing, until the operation for deletion isperformed.

The virus scan setting 1922 specifies necessity of a virus scan for eachhandling prescribed in the file attribute 1921. In the example of FIG.4, the virus scan is set to be unnecessary in the region where thehandling “delete” is set in the file attribute 1921. Virus scan is setto be necessary in the region where handling “store” is set in the fileattribute 1921.

Therefore, in the example of FIG. 4, the file stored in the region 1911(the region of the file for 2 in 1) and the file stored in the region1912 (the region of the file for duplex printing) are not included inthe target of the virus scan. In the regions 1911, 1912, files inputfrom external are stored, but these files are deleted immediately afterprinting. Therefore, even if these files are infected with viruses,there is no possibility that the server part 20 or the client device(such as the control device 500) accesses these files and is secondarilyinfected. Note that in the region 1911 and the region 1912, system filesspecifying print audit logs, printing settings, or the like may bestored.

On the other hand, in the example of FIG. 4, the file stored in theregion 1913 (the region of the file for monochrome printing) is includedin the target of the virus scan. The file stored in the region 1913continues to be stored in the region 1913 after printing and there is apossibility that the file is accessed from the server part 20 or theclient device (the control device 500 or the like). If the file storedin the region 1913 is infected with a virus, the client device may besecondarily infected. Secondary infection can be reliably avoided bymaking the file in the region 1913 be included in the target of virusscan.

As described above with reference to FIG. 4, in the informationprocessing device 100, a minimum number of files are included in thetarget of the virus scan for the purpose of avoiding secondary infectionof the server part 20 and the client device, or the like. As a result,while securing the safety of the operation in the information processingdevice 100 including the MFP part 10 and the server part 20 connected tothe MFP part 10, and the safety of the operation of the client device,reduction in performance of the MFP part 10 can be avoided as much aspossible.

5. Processing Flow Example 1

FIG. 5 is a diagram showing an example of processing for the informationprocessing device 100 to perform a print instruction from the controldevice 500. The example of FIG. 5 relates to printing of a file in which“store” is set as handling of a file after printing. With reference toFIG. 5, the flow of this processing will be described.

In step S500, the control device 500 transmits an instruction of directprinting by monochrome printing to the information processing device100. The instruction includes a file to be printed.

In step S502, the CPU 190 of the information processing device 100stores the received file in a region corresponding to the setting of thefile. Since the print setting instructed in step S500 is monochromeprinting, the received file is stored in the region 1913. Note that theCPU 190 executes the program stored in the storage part 191, forexample, to realize the control in step S502 and the subsequent steps.

In step S504, the CPU 190 performs printing of the file stored in stepS502. The file is printed in monochrome.

In step S506, the CPU 190 handles the file printed in step S504according to the region in which the file is stored. The region 1913 isset so that a file is stored even after printing. Therefore, the CPU 190maintains the file in the region 1913 until active operation fordeletion is performed.

When it is detected in step S508 that the execution timing of a regularvirus scan to the file storage region 1910 has arrived, the CPU 190performs the virus scan in step S510. The target of the virus scan inthe file storage region 1910 is only for the region where the value of“handling of file after printing” is “store”. The storage location ofthe file in step S502 is the region 1913. The value of “handling of fileafter printing” in the region 1913 is “store” (FIG. 4). Therefore, theregion (region 1913) where the file received in step S502 is stored isincluded in the target of the virus scan.

Therefore, as shown in step S512, even when the control device 500 (oranother client device) reads the file stored in the file storage region1910 in step S502, since the virus scan is performed on the file, thesafety of the system can be secured.

Example 2

FIG. 6 is a diagram showing another example of processing for theinformation processing device 100 to perform a print instruction fromthe control device 500. The example of FIG. 6 relates to printing of afile in which “delete” is set as handling of a file after printing. Withreference to FIG. 6, the flow of this processing will be described.

In step S600, the control device 500 transmits an instruction of directprinting by monochrome printing to the information processing device100. The instruction includes a file to be printed.

In step S602, the CPU 190 of the information processing device 100stores the received file in a region corresponding to the setting of thefile. Since the print setting instructed in step S600 is “2 in 1” or“duplex printing”, the received file is stored in the region 1911 or theregion 1912.

In step S604, the CPU 190 performs printing of the file stored in stepS602.

In step S606, the CPU 190 handles the file printed in step S604according to the region in which the file is stored. The region 1911 orthe region 1912 is set so that a file is deleted after printing.Therefore, the CPU 190 deletes the file.

In step S608, when the execution timing of a regular virus scan to thefile storage region 1910 has arrived, the CPU 190 performs the virusscan in step S610. The target of the virus scan in the file storageregion 1910 is only for the region where the value of “handling of fileafter printing” is “store”. The storage location of the file received instep S602 is the region 1911 or the region 1912. The value of “handlingof file after printing” in the region 1911 and the region 1912 is“delete” (FIG. 4). Therefore, the regions (region 1911 or region 1912)in which the file received in step S602 is stored is not included in thetarget of the virus scan.

As shown in step S612, it is assumed that the control device 500 (oranother client device) attempts to access the file received in stepS602. In this case, the file has already been deleted in step S606.Therefore, the control device 500 fails to access the file. As a result,even when the region in which the file received in step S602 is storedis not included in the target of the virus scan, since the file isdeleted immediately after printing, the security of the system can besecured.

6. Another Example of Classification of Region in File Storage Region

FIG. 7 is a diagram for explaining another example of classification ofa region in the file storage region 1910.

In the example of FIG. 7, the file storage region 1910 includes threeregions 1914, 1915, 1916 set for each user. The region 1914 is a regionset for the user “Fujita”, and the name of the region is “Fujita”. Theregion 1915 is a region set for the user “Nishiwaki”, and the name ofthe region is “Nishiwaki”. The region 1916 is a region set for the user“Kawanishi”, and the name of this region is “Kawanishi”.

In the example of FIG. 7, each user needs to log in to the informationprocessing device 100 in order to store the file in the file storageregion 1910. Each user can store files only in the region set for eachuser. For example, the user “Fujita” can store files only in the region1914 in the file storage region 1910.

FIG. 8 is a diagram showing an example of information stored in thesetting region 1920 corresponding to the example of FIG. 7. In theexample of FIG. 8, the setting region 1920 includes a region attribute1924 and a virus scan setting 1925.

The region attribute 1924 specifies whether or not to allow access froman external device to each of the regions 1914, 1915, 1916. The value“allowed” means that access from an external device (such as the controldevice 500) is allowed. The value “not allowed” means that access froman external device is not allowed. For example, the CPU 190 allowsaccess from an external device to the file in the region 1916 (regionname “Kawanishi”) and allows the storage of the file from an externaldevice to the region 1916 (region name “Kawanishi”). On the other hand,the CPU 190 prohibits access from an external device to the region 1914(region name “Fujita”) and the region 1915 (region name “Nishiwaki”),and prohibits storing of the file from an external device to theseregions.

The virus scan setting 1925 specifies setting of the virus scan for eachvalue specified in the region attribute 1924. More specifically, thevirus scan setting 1925 specifies that the virus scan is “necessary” forthe value “allowed” in the region attribute 1924, and specifies that thevirus scan is “not necessary” for the value “not allowed” in the regionattribute 1924.

FIG. 9 shows a sequence of processing related to a region to whichaccess from an external device is allowed. In each of steps S900, S902,S904, the CPU 190 stores the file by “Scan_To_HDD” in the region.“Scan_To_HDD” is processing of storing image data of a document read bythe image reading part 153 in the file storage region 1910. In theexample of FIG. 9, for example, the user “Kawanishi” logs in to theinformation processing device 100 and executes “Scan_To_HDD”. As aresult, the generated image data is stored in the region 1916.

Access to the region 1916 from an external device is allowed.Accordingly, when an external device requests access to a file in theregion 1916, the CPU 190 allows the external device to read the file inthe region 1916 in step S906. Further, when an external device requeststo store the file to the region 1916, the CPU 190 stores the file (forexample, conference material) that is the target of the request, in theregion 1916 in step S908.

When it is detected in step S910 that the execution timing of a regularvirus scan to the file storage region 1910 has arrived, the CPU 190performs the virus scan in step S912. The target of the virus scan inthe file storage region 1910 includes only the region having the valueof external access of “allowed”. The region 1916 is included in thetarget of the virus scan since the value of external access is“allowed”. Therefore, even when the region 1916 is accessed from anexternal device, the security of the network system can be secured.

Note that the CPU 190 may be configured to allow a request to access thefile in the region 1916 in step S906 on condition that the virus scan ofthe file in the region 1916 is completed. As a result, the safety of thenetwork system can be secured more reliably.

FIG. 10 shows a sequence of processing related to a region to whichaccess from an external device is not allowed. In each of steps S1000,S1002, S1004, the CPU 190 stores the file by “Scan_To_HDD” in theregion. In the example of FIG. 10, for example, the user “Fujita” logsin to the information processing device 100 and executes “Scan_To_HDD”.As a result, the generated image data is stored in the region 1914.

In the region 1914, access from an external device (also for the user“Fujita”) is not allowed. Accordingly, even when an external devicerequests access to a file in the region 1914, the CPU 190 notifies theexternal device that reading of the file in the region 1914 is notallowed in step S1006. Even when an external device requests to store afile in the region 1914, the CPU 190 notifies the external device thatstoring of the file in the region 1914 is not allowed in step S1008.

When it is detected in step S1010 that the execution timing of a regularvirus scan to the file storage region 1910 has arrived, the CPU 190performs the virus scan. However, the target of the virus scan in thefile storage region 1910 includes only the region having the value ofexternal access of “allowed”. The region 1914 is not included in thetarget of the virus scan since the value of external access is “notallowed”. Since the region 1914 is not allowed to be accessed from anexternal device, the security of the network system can be secured evenwhen the region 1914 is not included in the target of the virus scan.

7. Still Another Example of Classification of Region in File StorageRegion

FIGS. 11 and 12 are diagrams for explaining still another example ofstorage contents of the setting region 1920. FIG. 11 shows the fileattribute 1926 in the setting region 1920. FIG. 12 shows a virus scansetting 1927 in the setting region 1920.

The file attribute 1926 in FIG. 11 indicates the region name andattribute to be stored for each file. In the example of FIG. 11, each ofthe plurality of storage regions in the file storage region 1910 isconfigured by the region where each file is stored.

In FIG. 11, the attribute value “internally generated” indicates that afile has been generated in the information processing device 100. In theinformation processing device 100, for example, a file is generated by“Scan_To_HDD”. The attribute value “input from external” indicates thatthe file has been generated outside the information processing device100. In the information processing device 100, a file generated outsidethe information processing device 100 is stored in the file storageregion 1910, for example, when the file is received from an externaldevice.

As shown in FIG. 12, the setting region 1927 specifies necessity ofvirus scan for each attribute value in FIG. 11. More specifically, thevalue “necessary” of the virus scan setting is set in association withthe value “input from external”. The value “unnecessary” of the virusscan setting is set in association with the value “internallygenerated”.

FIG. 13 shows a sequence of processing corresponding to access from anexternal device. In each of steps S1300, S1302, S1304, the CPU 190generates a file by “Scan_To_HDD” and stores the file in the filestorage region 1910. The value of the attribute (FIG. 11) of each fileto be stored is “internally generated”.

When it is detected in step S1308 that the execution timing of theregular virus scan to the file storage region 1910 has arrived, the CPU190 performs virus scan only for the file having the value “input fromexternal” in the file storage region 1910. That is, only the regionstoring the file having the value “input from external” is included inthe target of the virus scan.

Thereafter, the information processing device 100 establishes aconnection with a first external device 500A. In FIG. 13, a connectionbetween the information processing device 100 and the first externaldevice 500A is indicated by a connection C1.

Upon receiving a request to read the file in the file storage region1910 from the first external device 500A, the CPU 190 allows the firstexternal device 500A to read the file as the request target in stepS1312.

In step S1312, after the virus scan, the CPU 190 may allow reading ofthe file on condition that the external device has not performed eitherstoring or updating of the file in the file storage region 1910.

In step S1316, the CPU 190 stores a file (for example, conferencematerial) in the file storage region 1910 in response to a request fromthe first external device 500A. The file is stored together with thevalue “input from external”.

Until the virus scan of the file storage region 1910 is newly performedafter step S1316, even when an external device requests access to thefile in the file storage region 1910, the CPU 190 may deny the request.

The information processing device 100 establishes a connection with asecond external device 500B. In FIG. 13, a connection between theinformation processing device 100 and the second external device 500B isindicated by a connection C2.

In step S1320, the CPU 190 denies the access request from the secondexternal device 500B. This is because the virus scan of the file storageregion 1910 has not been performed after step S1316.

When it is detected in step S1322 that the execution timing of theregular virus scan has arrived, the CPU 190 performs the virus scan ofthe file storage region 1910. The target of the virus scan is a regionfor storing a file having the value “input from external”.

After the virus scan in step S1322, the CPU 190 allows a request foraccess to the file in the file storage region 1910 from the externaldevice. In step S1326, the CPU 190 allows the access request from thesecond external device 500B.

According to an embodiment of the present disclosure, an imageprocessing apparatus performs malicious code detection processing onlyon a storage region set as a target of the malicious code detectionprocessing among a plurality of storage regions. As a result, the targetof the malicious code detection processing can be suppressed to theminimum necessary.

Although embodiments of the present invention have been described andillustrated in detail, the disclosed embodiments are made for purposesof illustration and example only and not limitation. The scope of thepresent invention should be interpreted by terms of the appended claims.

What is claimed is:
 1. An image processing apparatus comprising: animage processing part; a storage part including a nonvolatile regionthat stores data in a nonvolatile manner; and a hardware processor thatcontrols the image processing part, wherein the nonvolatile regionincludes a plurality of storage regions, and each of the plurality ofstorage regions is assigned a file attribute, the storage part storessetting information indicating whether each of the file attributesidentifies a storage region that includes data that is a target ofmalicious code detection processing, and the hardware processor performsthe malicious code detection processing only on the data that is storedin a storage region that is identified as the target of the maliciouscode detection processing based on the setting information among theplurality of storage regions.
 2. The image processing apparatusaccording to claim 1, further comprising a communication interface,wherein the attribute indicates at least one of whether the file is tobe deleted from the storage region after image formation by the imageprocessing part, and whether access from external using thecommunication interface is allowed.
 3. The image processing apparatusaccording to claim 1, further comprising a communication interface,wherein the attribute indicates whether the file is generated by theimage processing part or transmitted from external via the communicationinterface.
 4. The image processing apparatus according to claim 1,wherein the setting information specifies that a first storage region inthe plurality of storage regions is the target of the malicious codedetection processing, and when the hardware processor receives an accessto a file in the first storage region via the communication interface,the hardware processor allows the access on condition that the maliciouscode detection processing has been performed on the first storageregion, and the file in the first storage region is not stored orupdated from external after the malicious code detection processing. 5.A non-transitory recording medium storing a computer readable controlprogram of an image processing apparatus, which includes a nonvolatilestorage device including a plurality of storage regions, and each of theplurality of storage regions is assigned a file attribute, thenonvolatile storage device storing setting information indicatingwhether each of the file attributes identifies a storage region thatincludes data that is a target of malicious code detection processing,the control program causing a hardware processor of the image processingapparatus to execute performing the malicious code detection processingonly on a storage region that includes data that is the target of themalicious code detection processing based on the setting informationamong the plurality of storage regions.
 6. An image processing apparatuscomprising: an image processing part; a storage part including anonvolatile region that stores data in a nonvolatile manner; and ahardware processor that controls the image processing part, wherein thenonvolatile region includes a plurality of storage regions, the storagepart stores setting information indicating whether each of the pluralityof storage regions is a target of malicious code detection processing,and the hardware processor performs the malicious code detectionprocessing only on a storage region that is the target of the maliciouscode detection processing based on the setting information among theplurality of storage regions; wherein the setting information specifiesthat a first storage region in the plurality of storage regions is thetarget of the malicious code detection processing, and when the hardwareprocessor receives an access to a file in the first storage region viathe communication interface, the hardware processor allows the access oncondition that the malicious code detection processing has beenperformed on the first storage region.